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NetIQ Identity Manager Identity Applications 4.8 Service Pack 2 Hotfix 1 (4.8.2.1) resolves specific 
previous issues. This document outlines why you should install this hotfix. 


For the list of software fixes and enhancements in the previous release, see NetlQ Identity Manager 
4.8 Service Pack 2 Release Notes. 


1 What’s New? 


This release includes the following software fixes: 


+ OCTCR28Q282683: Resource modification leading to an issue in the /rest/catalog/ 
resources/resourceV2 API that results in mix up of key value pair of the resource categories. 


+ OCTCR28Q231611: Assigning role to groups and containers does not trigger an approval 
process when approval is configured for that role. (Bug 1172124) 
+ OCTCR28Q282474: Team managers unable to reassign their tasks to the reporting manager. 


+ OCTCR28Q280503: Conditions defined in DAL relationship in Designer are not used correctly 
when searching users in a team on New Request page. 


+ OCTCR28Q282552: Team Manager and administrators are unable to search users while 
requesting permissions for others, if additional user search attributes have been added in the 
Settings page. 

+ OCTCR28Q232125: User search on New Request page returns NPE when requesting 
permissions for others.(Bug 1172191) 


+ OCTCR28Q283419: getworkEntriesRequest SOAP endpoint returns NPE if no task is 
assigned to the user. 


+ OCTCR28Q283211: idmdash making multiple REST calls to /IDMProv/rest/access/tasks/ 
badge?1imit=200 rather than one to load the tasks on Applications > My Approvals page in the 
Dashboard. 


+ OCTCR28Q286157: idmdash making unwanted REST calls to /rest/access/rob when logging 
in to the dashboard. 


This hotfix includes CVE-2020-25839 that addresses a potential SQL injection attack. Special thanks 
go to Norbert Klasen for responsibly disclosing this issue to us. 


2 Upgrading to Identity Applications 4.8.2 HotFix1 


You must be on Identity Manager 4.8.2 at a minimum to apply this hotfix. 


IMPORTANT: In a cluster setup, ensure that you install the hotfix on each node of the Identity 
Applications cluster. 
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2.1 Upgrading to Identity Applications 4.8.2 HotFix 1 on Linux 


1 Stop the Tomcat service running on your Identity Applications server by running the following 
command: 


systemctl stop netigq-tomcat.service 
2 Back up the IDMProv.war, idmadmin.war, idmdash.war, and workflow.war files from the / 
opt/netiq/idm/apps/tomcat/webapps location. 


3 Delete the following directories and files from the /opt/netigq/idm/apps/tomcat /webapps 
directory: 


¢ IDMProv.war 
+ IDMProv directory 
+ idmadmin.war 
+ idmadmin directory 
+ idmdash.war 
+ idmdash directory 
+ workflow.war 
+ workflow directory 
4 Download and extract the IDM48-APPS-SP2_HF1.zip file from the NetIQ Download site. 


5 Rename idmadmin-4.8.2.1.war to idmadmin.war and idmdash-4.8.2.1.war to 
idmdash.war. 


6 Copy the IDMProv.war, idmadmin.war, idmdash.war, and workflow.war files from the 
extracted location to <Tomcat -installed-location>/webapps directory. 


7 Run the following commands to execute permissions and user rights for the replaced war files: 
+ chmod +x IDMProv.war idmadmin.war idmdash.war workflow.war 
+ chown -R novlua:novlua IDMProv.war idmadmin.war idmdash.war workflow.war 


8 Delete all the directories and files from the /opt/netig/idm/apps/tomcat/temp and /opt/ 
netiq/idm/apps/tomcat/work directories. 


9 Navigate to the /opt/netiq/idm/apps/tomcat/conf directory and set 
com.netiq.idm.rbpm.updateConfig-On-StartuUp flag to true in the ism- 
configuration. properties file. 


10 Start the Tomcat service on your Identity Applications server by running the following command: 


systemctl start netiq-tomcat.service 


2.2 Upgrading to Identity Applications 4.8.2 HotFix 1 on Windows 


1 From the Windows services, stop the IDM Apps Tomcat Service running on your Identity 
Applications server. 


2 Back up the IDMProv.war, idmadmin.war, idmdash.war, and workflow.war files from the 
<Identity Applications Tomcat installed location>\webapps\ folder. 


3 Delete the following from the <Identity Applications Tomcat installed 
location>\webapps\ folder. 


+ IDMProv.war 
+ IDMProv folder 


+ idmadmin.war 
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+ idmadmin folder 
+ idmdash.war 
+ idmdash folder 
+ workflow.war 
+ workflow folder 
4 Download and extract the IDM48-APPS-SP2_HF1.zip file from the NetIQ Download site. 


5 Rename idmadmin-4.8.2.1.war to idmadmin.war and idmdash-4.8.2.1.war to 
idmdash.war. 


6 Copy the IDMProv.war, idmadmin.war, idmdash.war, and workflow.war files from the 
extracted location to <Identity Applications Tomcat installed location>\webapps\ 
folder. 


7 Delete all the files and folders from the <Identity Applications Tomcat installed 


location>\temp and <Identity Applications Tomcat installed location>\work folders. 


8 Navigate to the C: \NetIQ\idm\apps\tomcat\conf\ folder and set 
com.netiq.idm.rbpm.updateConfig-On-StartuUp flag to true in the ism- 
configuration. properties file. 


9 From the Windows services, start the IDM Apps Tomcat Service on your Identity Applications 
server. 


Known Issue 


NetIQ strives to ensure our products provide quality solutions for your enterprise software needs. The 
following issues are currently being researched. If you need further assistance with any issue, please 
contact Technical Support. 


¢ Section 3.1, “Identity Applications Issue,” on page 3 
èe Section 3.2, “Identity Reporting Issue,” on page 3 


Identity Applications Issue 

You might encounter the following issue when you use Identity Applications, which includes 
Dashboard, Identity Applications Administration interface, and the User Application: 

Settings to Enable and Disable Role to Role Approval Process is Not Working 
At Client Level 


Issue: In the settings page, if the approval process for role to role mapping is enabled for default 
client (client1) and disabled for other clients (say client2), the approval process is triggered for both 
client1 and client2 users when a child role is mapped to a parent role. (Defect OCTCR28Q289168) 


Workaround: There is no workaround at this time. The enable and disable approval settings for role 
to role mapping must be configured for the default client, which will apply to all clients. 


Identity Reporting Issue 


You might encounter the following issue when you use Identity Reporting. 
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3.2.1 


Data Generated in the Role Assignments of User Report is not Formatted 
Properly 


Issue: The Role Assignments of User Current State report displays the distinguished name (DN) 
of the group, approvers, and requester instead of their full names in the Source column. This is 
observed specifically for roles that are assigned to the user through role assignments to groups, 
containers, or through role to role mapping. (Defect OCTCR28Q287067 ) 


Workaround: There is no workaround at this time. However, there is no functionality loss. The fix for 
this issue will be available shortly. 


Contact Information 


Our goal is to provide documentation that meets your needs. If you have suggestions for 
improvements, please email Documentation-Feedback@netiq.com (mailto: Documentation- 
Feedback@netiq.com). We value your input and look forward to hearing from you. 


For detailed contact information, see the Support Contact Information website. 
For general corporate and product information, see the NetIQ Corporate website. 


For interactive conversations with your peers and NetIQ experts, become an active member of our 
community. The NetIQ online community provides product information, useful links to helpful 
resources, blogs, and social media channels. 


Legal Notice 


For information about legal notices, trademarks, disclaimers, warranties, export and other use 
restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/ 
company/legal/. 


Copyright © 2020 NetIQ Corporation, a Micro Focus company. All Rights Reserved. 
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